Privacy Policy

Introduction

drammr is a mobile application that helps you create sensory profiles for your favourite spirits. This Privacy Policy explains how Marshall Spirits, Ltd. ("we", "us", or "our") collects, uses, and protects your personal data when you use the drammr app. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR).

Data Controller

Marshall Spirits, Ltd. is the data controller responsible for your personal data.

Company: Marshall Spirits, Ltd.

Contact: support@drammr.com

Data We Collect

We collect the following categories of personal data:

Account Data

Email address (for account recovery and notifications)

Display name (your public username)

Bio (optional profile description)

Profile photo (optional)

Website URL (optional)

Content Data

Drams (your tasting notes, flavour profiles, and ratings)

Photos attached to your drams

Comments on other users' drams

Feedback and support requests you submit

Social Data

Follow relationships (who you follow and who follows you)

Likes on drams

Technical Data

Device tokens (for push notifications, with your consent)

App preferences (theme, locale)

Crash reports and error logs (with your consent, anonymised)

Usage analytics (with your consent, anonymised)

Legal Basis for Processing

We process your personal data on the following legal bases:

Contract Performance: Processing necessary to provide the drammr service, including account creation, storing your drams, and enabling social features.

Legitimate Interest: Processing for app improvement, security, content moderation, and fraud prevention.

Consent: Processing for analytics and crash reporting. You can withdraw consent at any time in the app settings.

How We Use Your Data

Provide core app features (creating drams, commenting, following)

Send push notifications about activity on your content

Moderate content to ensure community guidelines are followed

Analyse app usage to improve the user experience (with consent)

Respond to support requests and feedback

Protect against fraud, abuse, and security threats

Data Sharing

We share your data with the following third-party service providers who help us operate the app. All providers are bound by data processing agreements.

Google Firebase / Google Cloud

Infrastructure provider for data storage, authentication, and cloud functions. Firestore data is stored in the UK. Cloud Functions execute in the US. Subject to Google Cloud Data Processing Agreement.

Cloudflare

Email delivery for administrative notifications (e.g., data export links). Receives email addresses for delivery purposes only. Subject to Cloudflare DPA.

BetterStack

Application monitoring and logging. Receives only anonymised, sanitised logs with no personal data. Subject to BetterStack DPA.

Google Natural Language API

Content moderation service. User-generated text (dram notes, comments, bios) is analysed for inappropriate content. Text is processed transiently and not stored by Google. Subject to Google Cloud DPA.

Data Retention

We retain your data for the following periods:

Account data: Retained while your account is active. Deleted upon account deletion request.

Notifications: Automatically deleted after 90 days

Moderation records (approved content): Deleted after 30 days

Moderation records (rejected content): Retained for 1 year for appeals

Backups: Retained for 30 days, then automatically deleted

Data export files: Available for download for 7 days, then deleted

Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

Right of Access: You can request a copy of your personal data using the data export feature in the app settings.

Right to Rectification: You can update your profile information directly in the app.

Right to Erasure: You can delete your account in the app's privacy settings. Your personal data will be deleted and your content anonymised.

Right to Data Portability: You can export your data in JSON format using the data export feature in the app settings.

Right to Withdraw Consent: You can withdraw consent for analytics and crash reporting in the app settings.

To exercise any of these rights, use the relevant features in the app or contact us at support@drammr.com.

Note: Data export requests are limited to once every 30 days, as permitted by GDPR Article 12(5) regarding excessive requests.

Age Restriction

drammr is intended for users aged 18 and over. The app relates to alcoholic beverages and is not intended for use by minors. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from someone under 18, please contact us immediately at support@drammr.com.

Cookies and Tracking

The drammr mobile app does not use cookies. If you visit our website, we use only essential cookies required for site functionality. We do not use third-party advertising or tracking cookies. In-app analytics (when you have given consent) use Firebase Analytics, which does not track you across other apps or websites.

International Data Transfers

Your data is primarily stored in the UK. Some processing occurs in the United States, including Cloud Functions and third-party processors (Cloudflare). These transfers are protected by Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app and request your acknowledgment of the updated policy before continuing to use the service.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

support@drammr.com